Harden plugin installation process

Leantime · Nov 14, 2024 · b042953 · b042953
1 parent 3c518cc
commit b042953
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 264 deletions.
diff --git a/.idea/php.xml b/.idea/php.xml
diff --git a/app/Core/Controller/Frontcontroller.php b/app/Core/Controller/Frontcontroller.php
@@ -297,18 +297,20 @@ public function getClassPath(string $controllerType, string $moduleName, string
      */
     public function getValidControllerMethod(string $controllerClass, string $method): string
     {
-        $method = Str::camel($method);
+        $methodFormatted = Str::camel($method);
         $httpMethod = Str::lower($this->incomingRequest->getMethod());
 
         if (Str::lower($method) == 'head') {
             $method = 'get';
         }
 
         //First check if the given method exists.
-        if (method_exists($controllerClass, $method)) {
-            return $method;
+        if (method_exists($controllerClass, $methodFormatted)) {
+
+            return $methodFormatted;
             //Then check if the http method exists as verb
         } elseif (method_exists($controllerClass, $httpMethod)) {
+
             //If this was the case our first assumption around $method was wrong and $method is actually a
             //id/slug. Let's set id to that slug.
             $this->incomingRequest->query->set('id', $method);

diff --git a/app/Core/UI/Template.php b/app/Core/UI/Template.php
@@ -4,6 +4,7 @@
 
 use Exception;
 use Illuminate\Contracts\Container\BindingResolutionException;
+use Illuminate\Filesystem\Filesystem;
 use Illuminate\Support\Facades\Blade;
 use Illuminate\Support\Str;
 use Illuminate\View\Compilers\Compiler;
@@ -91,6 +92,8 @@ public function __construct(
         /** @var Roles */
         private Roles $roles,
 
+        private Filesystem $files,
+
     ) {
 
         $this->setupDirectives();
@@ -934,4 +937,11 @@ protected function setHookContext($templateParts, $path)
         }
 
     }
+
+    public function clearViewPathCache() {
+
+        $viewPathCachePath = storage_path('framework/viewPaths.php');
+        $this->files->delete($viewPathCachePath);
+
+    }
 }
diff --git a/app/Domain/Plugins/Controllers/Details.php b/app/Domain/Plugins/Controllers/Details.php
@@ -34,7 +34,7 @@ public function get(): Response
         );
 
         if (! $plugin) {
-            return $this->tpl->display('error.error404', 'blank');
+            return $this->tpl->display('errors.error404', 'blank');
         }
 
         $this->tpl->assign('plugin', $plugin);

diff --git a/app/Domain/Plugins/Services/Plugins.php b/app/Domain/Plugins/Services/Plugins.php
@@ -5,12 +5,15 @@
     use Exception;
     use Illuminate\Contracts\Container\BindingResolutionException;
     use Illuminate\Http\Client\RequestException;
+    use Illuminate\Support\Facades\Artisan;
     use Illuminate\Support\Facades\Cache;
     use Illuminate\Support\Facades\File;
     use Illuminate\Support\Facades\Http;
     use Illuminate\Support\Str;
     use Leantime\Core\Configuration\Environment as EnvironmentCore;
+    use Leantime\Core\Console\ConsoleKernel;
     use Leantime\Core\Events\DispatchesEvents;
+    use Leantime\Core\UI\Template;
     use Leantime\Domain\Plugins\Models\InstalledPlugin;
     use Leantime\Domain\Plugins\Models\MarketplacePlugin;
     use Leantime\Domain\Plugins\Repositories\Plugins as PluginRepository;
@@ -24,9 +27,6 @@ class Plugins
     {
         use DispatchesEvents;
 
-        /**
-         * @api
-         */
         private string $pluginDirectory = ROOT.'/../app/Plugins/';
 
         /**
@@ -35,8 +35,6 @@ class Plugins
          * system: Plugin is defined in config and loaded on start. Cannot delete, or disable plugin
          * marketplace: Plugin comes from maarketplace.
          *
-         *
-         * @api
          */
         private array $pluginTypes = [
             'custom' => 'custom',
@@ -49,22 +47,16 @@ class Plugins
          * phar: Phar plugins (only from marketplace)
          * folder: Folder plugins
          *
-         *
-         * @api
          */
         private array $pluginFormat = [
             'phar' => 'phar',
             'folder' => 'phar',
         ];
 
-        /**
-         * Marketplace URL
-         *
-         *
-         * @api
-         */
+
         public string $marketplaceUrl;
 
+
         /**
          * @return void
          *
@@ -75,6 +67,8 @@ public function __construct(
             private EnvironmentCore $config,
             private SettingsService $settingsService,
             private UsersService $usersService,
+            private ConsoleKernel $leantimeCli,
+            private Template $template,
         ) {
             $this->marketplaceUrl = rtrim($config->marketplaceUrl, '/');
         }
@@ -310,6 +304,8 @@ public function enablePlugin(int $id): bool
                 }
             }
 
+           $this->template->clearViewPathCache();
+
             return $this->pluginRepository->enablePlugin($id);
         }
 

diff --git a/config/.env.demo b/config/.env.demo
diff --git a/config/test.env b/config/test.env